Granting Access to Okta Support Skip to main content
How satisfied are you with the Okta Help Center?
Thank you for your feedback!
How satisfied are you with the Okta Help Center?
Very Dissatisfied
Very satisfied
Enter content less than 200 characters.
Granting Access to Okta Support
Published: Sep 27, 2016   -   Updated: Jun 22, 2018

"Grant Access to Okta Support​" is an Okta feature that facilitates troubleshooting between Okta Support and a Customer Administrator. When a Customer is engaged in the troubleshooting process with Okta Support it can be helpful if the Customer provides access to the Customer tenant (or org). 

In the Okta Admin Console, beneath Settings -> Account:

Impersonation Management

When enabled, Okta Support will have access to your Okta tenant for 8 hours. This can be extended as needed. 

User-added image

User-added image

Support Access Limitations
  • When this access is granted to Okta, it takes the form of an impersonation event. 
  • The Okta Support TSE's (Technical Support Engineer) impersonation access will be limited by the administrative power of the impersonated administrator.
    • i.e. If an Okta Support TSE impersonates a Read-Only Admin, then the TSE will be only able to conduct RO Admin tasks in the Customer tenant. 
  • Additionally, no matter which Customer Admin is impersonated, the Okta Support TSE will NOT be able to leave the Okta Admin console of the Customer tenant and access that Administrator's Application Dashboard. (i.e. Granting impersonation access does NOT grant blanket Application access)
  • Finally, all actions taken by an Okta Support TSE on behalf of a customer while impersonating a Customer Adminsitrator will be logged appropriately as an impersonation generated event. 
User-added image